Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MGzRd2cpGBJ0h18RX2_KYyuK8G8.roa
File:                     MGzRd2cpGBJ0h18RX2_KYyuK8G8.roa (raw, json)
Hash identifier:          ZIXiOOSugxnEPJWq94YuLIeBPBhkP58WNcQJqMsRmLA=
Subject key identifier:   30:6C:D1:77:67:29:18:12:74:87:5F:11:5F:6F:CA:63:2B:8A:F0:6F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F1EC587763D62646E3F8E3F94378
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MGzRd2cpGBJ0h18RX2_KYyuK8G8.roa
Signing time:             Wed 01 Jan 2025 09:48:08 +0000
ROA not before:           Wed 01 Jan 2025 09:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        194.105.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f1:ec:58:77:63:d6:26:46:e3:f8:e3:f9:43:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=306cd1776729181274875f115f6fca632b8af06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:33:c2:0c:d7:93:5a:14:cb:ec:0f:17:80:f1:
                    1c:cf:0c:5e:d5:f3:7f:8e:16:70:15:c1:de:ca:25:
                    d5:ba:c7:2c:11:a6:94:e4:77:eb:67:c0:f3:39:71:
                    0c:35:e7:49:17:27:63:ef:37:c8:b9:72:56:a6:99:
                    e9:64:63:e6:93:fb:8c:9c:f3:cd:9f:c5:5f:3d:9c:
                    30:87:29:12:26:f0:64:59:87:50:ce:2b:ce:47:75:
                    05:b2:25:2c:07:f6:dc:d2:d6:e9:47:d6:06:dd:c4:
                    dd:5b:6d:b9:16:5a:81:2b:cd:18:92:a3:0e:a7:c2:
                    cd:9c:5b:20:8c:b8:86:6d:1e:cc:79:bf:a3:dd:18:
                    49:64:0e:1b:80:c9:bd:79:02:78:2a:ab:b8:71:0f:
                    47:0b:45:e0:e3:f6:5d:74:68:09:2a:74:84:a8:c9:
                    6e:58:d2:22:63:f7:4f:f0:2a:35:af:8d:7d:b4:9a:
                    28:a3:8a:04:da:c4:ab:9c:38:be:b1:38:c8:0b:56:
                    cc:84:05:9c:e7:32:e2:03:d6:85:d6:84:03:5b:b6:
                    b9:4a:7e:80:1e:40:1f:13:a0:8a:25:56:d7:fe:89:
                    99:fd:76:f6:d6:1b:83:c5:82:d9:14:db:36:15:15:
                    6d:eb:df:c1:85:c5:7e:d4:69:27:94:34:32:98:7a:
                    13:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:6C:D1:77:67:29:18:12:74:87:5F:11:5F:6F:CA:63:2B:8A:F0:6F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MGzRd2cpGBJ0h18RX2_KYyuK8G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:fa:3e:7e:79:f0:a3:1a:f7:b6:fa:c7:e9:46:34:a0:2a:8a:
         05:d1:43:f7:c8:52:7d:e6:16:a0:c7:9e:ff:78:19:d9:e8:a7:
         02:1e:5c:61:e7:b4:f0:1d:67:c1:ab:af:87:5a:6f:89:25:99:
         dd:7f:8e:4d:f6:85:10:8e:99:ca:ea:7f:3a:fa:5e:81:68:d5:
         59:0e:0b:51:10:a8:c7:5b:fe:7a:4c:75:c4:80:5d:cc:50:e6:
         ad:15:32:78:02:d7:65:d4:5f:9c:3f:9d:d0:9a:fb:9a:bd:87:
         c8:8d:5e:bf:d8:b1:2e:3d:26:13:cb:9d:24:01:37:2a:28:ed:
         8f:34:5e:10:bc:46:bd:07:2e:c4:c7:14:17:00:17:22:f7:ac:
         3d:08:dd:ac:66:d3:ff:a5:ff:ac:56:75:0b:a7:a2:a8:75:93:
         04:d2:4f:0f:df:aa:99:9b:a7:25:59:ce:bf:bc:44:83:81:09:
         ff:05:6f:41:c6:e0:5a:80:e9:a8:9e:33:81:0e:48:d7:38:c4:
         ba:1f:c2:1f:73:b7:08:75:50:5d:00:ef:87:ac:29:cd:18:af:
         d1:b5:32:67:4c:d9:86:e7:75:b1:49:74:be:0a:a8:88:1f:8f:
         8f:30:2f:7f:a7:7f:7b:9c:d9:83:58:e9:3e:76:5e:c7:b8:25:
         df:75:1a:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/HsWHdj1iZG4/jj+UN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDZjZDE3NzY3MjkxODEyNzQ4NzVmMTE1ZjZmY2E2MzJiOGFmMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TPCDNeTWhTL7A8XgPEczwxe1fN/
jhZwFcHeyiXVuscsEaaU5HfrZ8DzOXEMNedJFydj7zfIuXJWppnpZGPmk/uMnPPN
n8VfPZwwhykSJvBkWYdQzivOR3UFsiUsB/bc0tbpR9YG3cTdW225FlqBK80YkqMO
p8LNnFsgjLiGbR7Meb+j3RhJZA4bgMm9eQJ4Kqu4cQ9HC0Xg4/ZddGgJKnSEqMlu
WNIiY/dP8Co1r419tJooo4oE2sSrnDi+sTjIC1bMhAWc5zLiA9aF1oQDW7a5Sn6A
HkAfE6CKJVbX/omZ/Xb21huDxYLZFNs2FRVt69/BhcV+1GknlDQymHoTMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBs0XdnKRgSdIdfEV9vymMrivBvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTUd6UmQyY3BHQkowaDE4UlgyX0tZeXVLOEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmlKMA0G
CSqGSIb3DQEBCwUAA4IBAQAx+j5+efCjGve2+sfpRjSgKooF0UP3yFJ95hagx57/
eBnZ6KcCHlxh57TwHWfBq6+HWm+JJZndf45N9oUQjpnK6n86+l6BaNVZDgtREKjH
W/56THXEgF3MUOatFTJ4Atdl1F+cP53QmvuavYfIjV6/2LEuPSYTy50kATcqKO2P
NF4QvEa9By7ExxQXABci96w9CN2sZtP/pf+sVnULp6KodZME0k8P36qZm6clWc6/
vESDgQn/BW9BxuBagOmonjOBDkjXOMS6H8Ifc7cIdVBdAO+HrCnNGK/RtTJnTNmG
53WxSXS+CqiIH4+PMC9/p397nNmDWOk+dl7HuCXfdRrQ
-----END CERTIFICATE-----